Slashdot Mirror

← Back to Stories (view on slashdot.org)

Prototype Software Sniffs Out, Disrupts Botnets

Posted by Zonk on from the are-you-john-connors dept.

coondoggie writes "Earlier this week researchers unveiled a system to identify and eradicate botnets in the wild. While currently only a prototype, Georgia Tech's BotSniffer would use network-based anomaly detection to identify botnet command and control channels in a LAN. The system wouldn't require any prior knowledge of signatures or server addresses. 'The researchers said their prototype, which was presented at the Internet Society's Network and Distributed System Security Symposium this week, is based on the fact that botnets engage in coordinated communication, propagation, and attack and fraudulent activities.'"

1 of 51 comments (clear)

  1. Even easier way ... . by Anonymous Coward · · Score: 5, Interesting

    Just run a web server where you allow things like .. .

        index.php?main=xxx

    and then watch the attempts that come in for xxx, they will
    all be scripts that trigger the botnets. grab the scripts
    and you have the irc server, the channel, etc.

    A recent one that I saw was one katana.webchat.org in channel
    #msdos -- no idea if it is still running (ironic since webchat
    is supposed to have a security team). I reported it, but never
    heard anything back).

    Here are a bunch of other ones, access to botnets, free of
    charge.

    http://www.forestfamily.org/garc/.php/meifase.txt
    http://bialoka123.fileave.com/script9.txt
    http://raptortx.googlepages.com/inc3.txt
    http://snock.host.sk/spread.txt
    http://bialoka123.fileave.com/script9.txt
    http://members.lycos.co.uk/enviescraps/pbot.txt
    http://gikowns.googlepages.com/BOTNET-GIKO.txt
    http://www.ligseg.com.br/Etc/24.gif
    http://76.162.170.34/Photos/pbot
    http://www.hotjazz.xpg.com.br/ty.txt

    Use at your own risk, and maybe, these folks will get off their rear ends and shut these things down.